1. VisualSniffer organizes captured packets by protocol and by source and destination address. TCP/IP packets are further grouped into connections. This helps users find information easily. Furthermore, users can define their own workspaces, in which VisualSniffer shows only the captured packets they want to see. VisualSniffer also provides a Windows-style search tool to help users retrieve the information they want. These features are very useful, especially when you have millions of captured packets.
2. VisualSniffer can perform protocol analysis and content searching/matching based on user-defined rules in real time, and notify users by e-mail, sound, and text message when an intrusion is detected. VisualSniffer provides hundreds of built-in rules for detecting a variety of attacks and probes, such as buffer overflows, port scans, CGI attacks, OS fingerprinting attempts, and much more.
3. The VisualSniffer scheduler lets you schedule regular capture tasks. The scheduler is a front-end interface to Microsoft Scheduler.
4. VisualSniffer provides graphical and statistical displays with colored charts.
5. VisualSniffer decodes: ARP, DNS, EGP, GGP, GRE, ICMP, IGMP, IGRP, IPv4, IPv6, NetBIOS, PIM, RDP, RSVP, SNAP, SNMP, TCP, UDP.
6. VisualSniffer saves all captured data into a cache file and loads only visible data into memory. Therefore, VisualSniffer can handle huge amounts of captured data without requiring large memory. It also has a data management tool similar to that of Event Manager in Windows. You can also set up filters to receive only subsets of the network traffic.
7. VisualSniffer can save captured packets into a log file in "libpcap" format, which is a standard used by a lot of network tools. It can also load data from a "libpcap" file.